User authentication to a computer system is typically accomplished with a user identification and password or smartcard together with access control mechanisms. These are effective ways of providing access control for data while an operating system (OS) is running. When the OS is not running, most platforms require other mechanisms to protect data, because the disk containing the data and its access control restrictions can be mounted by an OS that does not honor the access control metadata associated with the data to be protected.
In such circumstances, encryption technology is commonly employed so that data accessed by an unauthorized operating system is unreadable. Such data is generally contained on disk storage such as a hard disk drive (magnetic or optical). If encryption of the disk is used, then the key used to encrypt the data must itself be protected. A variety of technologies are widely employed to protect keys. Common techniques include deriving the key from a password, or saving the key on a storage device such as a smartcard or USB token, which may itself be protected by a key. Other ways to protect keys include deriving a key from, or gating access to a key with, a biometric device that measures some physical characteristic of the user, or disclosing the key only to an authenticated operating system, so that other operating systems that do not honor the access control metadata can be barred from disk access.
Password protection, the use of a smartcard or USB token, and the use of biometric devices are only useful if a user is present. As such, they are employed by encrypted file systems, but only for storage locations configured by a user or administrator. This is done because there is no user present for much of an OS's uptime. The problem with this is that applications and the system do not necessarily put all of the data that a user needs to protect in these protected locations. Part of this is poor application design, but part of it is a necessary consequence of the OS being a multi-user platform.
To avoid the placement of confidential data in unencrypted portions of the disk, the simple measure of encrypting the whole disk and deriving the encryption key from a user-entered credential may be used. But the following problems can arise: a) the OS cannot boot without a user present; b) the user requires two credentials, one to derive a disk decryption key and allow the OS to boot, and one to log on to the system; or c) the user logs on twice but uses the same credential each time, effectively turning the PC into a single-user device. Other problems with user credentials in managed environments include the fact that a domain password can be changed while the OS is offline.
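The key-protection approaches described above, as an added illustration that is not part of the original text or of any product's code: a random volume key encrypts the disk, and each credential (a password-derived key, a key held on a token) only wraps that volume key, so a wrong credential releases nothing while another protector can still recover the same key. The wrap routine is a simplified encrypt-then-MAC stand-in for a real key-wrap algorithm, chosen so the example runs with the standard library alone.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed example: a volume key with two independent protectors.
# The "wrap" below is a simplified stand-in for a real key-wrap (e.g. AES-KW).
PBKDF2_ITERATIONS = 200_000


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key (KEK) from a user credential via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def wrap(kek: bytes, volume_key: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte volume key under a 32-byte KEK."""
    pad = hmac.new(kek, b"pad", "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    return ct + hmac.new(kek, ct, "sha256").digest()


def unwrap(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Release the volume key only if the KEK authenticates the blob."""
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(kek, ct, "sha256").digest(), tag):
        return None  # wrong credential: nothing is released
    pad = hmac.new(kek, b"pad", "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


def protect_volume_key(volume_key: bytes, password: str, salt: bytes,
                       token_key: bytes) -> Dict[str, bytes]:
    """Wrap the same volume key under a password protector and a token protector."""
    return {"password": wrap(derive_kek(password, salt), volume_key),
            "token": wrap(token_key, volume_key)}


def demo():
    """Returns (correct password works, changed password fails, token still works)."""
    salt, vk = secrets.token_bytes(16), secrets.token_bytes(32)
    token_key = secrets.token_bytes(32)  # stands in for a key held on a smartcard/USB token
    protectors = protect_volume_key(vk, "correct horse", salt, token_key)
    # After an offline domain password change the user types the new password at boot:
    return (unwrap(derive_kek("correct horse", salt), protectors["password"]) == vk,
            unwrap(derive_kek("new domain password", salt), protectors["password"]) is None,
            unwrap(token_key, protectors["token"]) == vk)
```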
It is desirable to address the multiple credential entry requirement when operating with a multi-user system where the OS is encrypted on a storage disk. The present invention addresses these and other concerns.